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TOP Sl.CRLi COMiM. NOiORX 
NATIONAL SECURITY AGENCY 
CENTRAL SECURITY SERVICE 

FORT GEORGE G. MEADE, MARYLAND 20755-6000 


6 July 2009 


MEMORANDUM FOR THE CHAIRMAN. INTELLIGENCE OVERSIGHT BOARD 


THRU: Assistant to the Secretary of Defense (Intelligence Oversight) 

SUBJEC F: (U/T’OIJO) Report to the Intelligence Oversight Board on NS A Activities - 
INFORMATION MEMORANDUM 


✓ 


(U/T'Ol'Of Except as previously reported to you or the President, or otherwise stated in 
the enclosure, we have no reason to believe that any intelligence activities of the National Security 
Agency during the quarter ending 31 March 2009 were unlawful or contrary to Executive Order or 
Presidential Directive and thus should have been reported pursuant to Section 1.6(c) of Executive 
Order 12333. 


CU/.ft)! •'(-*) The Inspector General and the Genera! Counsel continue to exercise oversight 
of Agency activities by inspections, surveys, training, review of directives and guidelines, and 
advice and counsel. These activities and other data requested by the Board or members of the staff 
of the Assistant to the Secretary of Defense (Intelligence Oversight) are described in the enclosure. 



Inspector Geneva! 


Ml 


V'W 




VITO T. POTENZAl 
G eneral Counsel 


hereby 


(UP QUO) I concur in the report of the Inspector General and the General Counsel and 
make it our combined report. 



ALEXANDER 


Lieutenant General, U. S. Army 
Director, NSA/Chief, CSS 


Enel: 

Quarterly Report 

This document may be declassified and marked 
•■UNCLASSIUEty. trwOnkui t A Oulu" 
upon removal of enclosure s) 

Derived From: NSA/CSSM 1-52 

Approved for Release by NSA on 12-19-2014, FOIA Case # 70809 (Litigation) Dated: 20070108 

Declassify On: 2uT20i()8 
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1, (U//F OU©)intelligence, counterintelligence, and inteliigence-reiated activities 
that violate law, regulation, or policy substantiated during the quarter, as well as 
actions taken as a result of the violations. 


(U) Intelligence Activities 


ff 'hArn/.’ RLL TO USA, ITTY) U nintentional collection against United States (U.S.) 
persons. This quarter, there were) {instances in which Signals Intelligence (SIGINT) analysts 
inadvertently targeted or collected communications to. from, or about U. S. persons while 
pursuing foreign intelligence tasking. All intercepts and reports have been deleted or destroyed 
as required by United States SIG1NT Directive (USSID) SP0018. 

(b) (31-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


'•(b) (1) 

(b)(3)-P.L. 86-36 

TTS.visiwi 1 ) t)n|_Occasions, selectors foi l I U.S. persons were 

collection before the approval process was completed. A lthough th 

submitted the prerequisite consensual collection forms in | _ 

the final approval had not been granted by the Director, National Security Agency (DIRNSA) 
prior to tasking. The NSA analyst erroneously believed OGC approval was sufficient to proceed 
with taskin 


(U) Unauthorized Targeting 


and did not complete the approval process. The violation was found and corrected 
I when the selectors were detasked. No collection resulted from the violation. 


NSA targeted a U.S, telep hone number in error. The 

|was inco rrect because 

~| whcn | | 

vithin 30 minutes, the 
1 which was 

obtained through a consensual collection authorization. No collection occurred from the selector 

tasked in error. ""-V 

(b)(3)-P.L. 86-36 (b)(1) 

j-L. .Mb) (4) (b) (3)-P.L. 86-36 

(U|_[Travel to the United States (b)(3)-p.L. 86-36 (b) (3)-50 use 3024 (i) 

(S//S1//RU1. TO USA, rVfiY) During this reporting period,| Ivalid foreign targets_ 

| the United States. Tasking was terminated, and collection, which occurred in 
|of the| instances, was purged from NSA databases. No reports were issued. 


number passed to NSA from | 

of a typing error. NSA analysts discovered the tvpinu error on 


istances of]_Jthe United 

«vould have been avoided had timely action 
| A lthough the analyst requested a review of 
~K vith access to the database was on sick 

_I revealed the target was in the United States 

The selectors were detasked, related collection was deleted from an NSA 


of the 


States, collection between|_ 

been taken to research the target's] 
theQ 
leave 
as of 


(b) (1) 

(b) (3) -P.L. 86-36 
(b) (3)-50 USC 3024(i) 


issifv On: S94809t4 
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database on|_ 

future violations. 


and the analyst applied for a research account to reduce the risk of 

: "'1b) (1) 

(b) (3)-P.L. 

rf in another of the aforementioned collectio n incidents, the target 
entered the United States on f Ian NSA analyst 

attempted unsuccessfully I I on the target selector on | ~| 

A malfunct ion of the graphical user interface application prevented execution) j 

~lor any other action. Once the database was returned to service, the analyst found that 


Collection occurred on 


intercepts were purged from the NSA 


f i'S,"7GI//Rni. TO USA. FVT,Y) On|_pccasions, collection occurred while valid foreign 

targets were in the United States. In all instan ces, colle ction was terminated and selectors 
were detaske d, Collection, o ccurring, in | | of thc | [ instances, was purged from NSA 
databases. ln | | incidents, violations resulted from procedural errors. 


(Tfj//0I//RCL TO USA, FVHY) An NSA analyst did not confirm that the target was 
outside of the United States before conducting a query of an NSA databa se. Although th e 
initial informa tion appeared to show the electronic m ail (e-mail) aceo unt f I 

I I the analyst searched on the selector on | Kvithoul the 

prerequisite check. Another NSA analyst found t he violation on | f und 

noted that the e-mail accoun t kh e United States. The query and 

associated results were deleted on | No reports were issued from that 

collection. .*r (b) (1) 

_/ (b) (3 )-p.l 

(S/Ajl/'llfif, TO USA. FVEY j l 1 an NSA analyst found a selector that 

should have been detasked in | | The selector belo nged to a foreign national 

|in the United States l | The selector, believed to have 

been removed in i 1 was noticed while an NS A analyst was pros ecuting 

another valid foreign target. The selector was detasked on | No collection 

relating to the U.S. person selector has been found. 


(U) Database Queries /’ (i>j pj-p.l. 86-36 

(S/VS 1 //R KL TO t jSA - . -4-- V 'f -¥r On | |occasions, NSA analysts constructed poor database queries, 
and onl bf those occasions, the queries returned results from the database. The returned results 
from the overly broad or incomplete queries was deleted, and no reports were issued. Procedural 
errors contributed toQof the | [violations. 


(S/. ' Sl.VRfiL TO USA - . - PVf - Y-) |_| an NSA[_| 

analyst failed to re strict his database query with fo reign target selectors, resulting in the 
targeting of a U.S. ) I without author ization . With the 

intention of collecting a communication , one end of which was in]_|t he analyst 

mistakenly believed that he could query | ]for 

foreign intelligence purposes. 
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(b.) (1) 

(b) (3.)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(b)(3)-P.L. 86-36 

(i>ifojF> ; RTL TO USA. i ' VTY'j A nother NSA analyst used the terml 


in his se arch for foreign intellige nce related to the U.S. presidential 
inauguration. From) J the analyst mista kenly believed that the 


tb) (1) 

(b)(3)-P.L. 86-36 
6J (3) —18 USC 798 
b\(3)-50 USC 3024(i) 


term typed in|_Jwas permissible. The mistake, found on| 

corrected that day. No collection resulted from the query. 


was 


(TS//S1//R1.T , TO . USA, PVhiY) Human error resulted in the targeting of f 
. I- . ~1 A n NSA analyst and his auditor 


WYm 
(b)(3)-P.t 


incorrectly applied targeting guidance, resulting in I luueries to an NSA database 


[ 


queries. The mistake produced 1 I query results, which were deleted without review. 


('ITj/.-TSIZ/Rf" 1. TO USA. FVH'H An NSA analyst used the term 
search for foreign | I 


TBasti"). 

(M ' tf'-P..: L..86-36 


analyst mistakenly believed that the term typed in 
The query, found by the analyst's auditor, was deleted on 
collection was destroyed. 


his 

_, the 

1 was permissible, 
land all related 


In hi 

_\ih 


(31-P.L. 86-36 


(b)(1) 

(b)(3J-P.L. 86-36 

an attempt to locate a translated intercept, an (b) <3 >-so use 3024 a > 
NSA analyst sea rched on the I l ofthc transcribing linguist. The 

_[v iolation was found by the analyst's auditor. No results were returned. 

/(b) (1) (b)(1) 

(U) Detasking Delays £1 lai-i^usc^s 

(b)(3)-50 USC 3024(i) 


(TS//si//Nr r[ 


Gene ral auth orization had expired on 
I Selectors 


(b)(3)-50 USC 3024(i) 

\ 

telephone numbers 


ained tasked after an Attorney 
NSA analyst detasked the 

■ • •,___lhiil was no la ware of 

The violation was identified onl I and the 


Ji7[ 


emair 
_ The 


selectors were de tasked the same day. No collection occurred belvveen[ 


] 


A review of the incident resulted in a change in operating procedures. 


- f i- vS ' , 7Sl ' ' ' / h p RThe selectors of I I valid foreign targets tasked^ 


and 

ilfTb) (1) 

ib)(31-P.L. 86-36 


_Jwere not removed from tasking when they were appr oved for targeting under 

Foreign Intelligence Surveillance Court (FISC) O rdei f I Consequently, the targets' 


communications were intercepted^ 


2008. This o versight was found during a s el ector review 
were dctasked[~ ]on[ 


] after they entered the United States in 


collection on the targets since thev entered the United States. 


. The selectors 
] NSA analysts have not found 


(b)(3)-P.L. 86-36 


(S//Si/.'R11. TO USA. rvtT r ) Unintentional dissemination of U.S. identities. There 
were □ instances in which SIGfNT analysts disseminated communications to. from, or about 
U.S. persons while pursuing foreign intelligence tasking this quarter. All data have been deleted 
or destroyed as required. ln| | of thc| [instances, SiGINT products were cancelled because 
they contained the identities of U.S. persons, organizations, or entities. The reports were either 
not reissued or were reissued with proper minimization. 


(b)(1) 

(b)(31-P.L. 86-36 


TO P S UC RITIV/C’O MIN T V? j Q i ~QRN 
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(b)(3)-50 USC 3024(i) 


' "‘ (b) (1) 

(b) (3)-P.L. 86-36 


(5s//Siy/REL TO USA; FVT.Y)_|an NSA analyst tailed to minimize _ 

S.1GINT before he shared the data with an a nalyst from the ) 1 

1 he data, ] included information on| |u.S. persons. The | | 

analyst was contacted on | and he destroyed the data. No reports were issued on 

the disseminated data. 


b)(3)-P.L. 86-36 


Vhile NSA 


analysts were developing 


(b)(3)-P.L. 86-36 
(b) (3)-18 USC 798 
(b)(3)-50 USC 3024(1) 


-t S/ / NO Informatio n share d with | | analyst by an NSA ( b )( 3 )- p - L 86 ‘ 36 

analyst enabled t he f A nalyst to associate a telephone number with a U.S. person. On 
I Ian NSA analyst I _ T 


number was not given to thc | | analyst.[ 
it with the owner, who is a U.S. person. 


Although the complete 
~~Ivas sufficient to associate 


(U) Report Cancellation Delay 


mi i) 

(b)(3)-P.L. 86-36 


(W (1) 

(b)(3J-P.L. 86-36 
..(b) (3)-50 USC 3024 (i) 


(l'B//8I//Nr)|_an NSA analyst learned from | that a valid 

foreign target he ld dual | l and U.S. citizenship. Although the se lectors were detasked on 

I k ind collection was purged fro m NSA databas es. ! | reports generated from the 

unauthorized collection were not cancelled unti l I The delay in report cancellation 

occurred because of a mi scorn munication between two analysts. Each believed the other was 
going to cancel the reports. 



(U) The Foreign intelligence Surveillance Act (FISA) 


(b)(1) 

(b)(31-P.L. 86-36 
(b)(3)-50 USC 3024(1) 


(U) Unauthorized Targeting 


('1 b/i'TiI/ZNO Between | _ | collection continued on a target 

selector after the FISC Order. | had expired. During routine selector scre ening, an 

NSA Team Leader notic ed that an e-mail selector had no t been specified on the new | 

Court Order! | The selector was removed from | land tasking on 

l and related collection was purged from an NSA database on | ] 

No reports based on unauthorized collection were issued. 


NSA lea rned that a FISC-approved selector ! I 

I Collection specialists analyzed the selector metadata 


to determine that 


The selector was detasked on 


and collection from 


was purged from NSA databases the same day. To reduce the risk of a recurrence, oversight 



(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 









tb.) (1) 

(bj <3)-P.L. 86-36 
(b) (3 >t_ 50 USC 3024 (i) 
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Toccdures have been modifie d to include 


occasions, collection continued after FISC orders 


violations were isolated or 


o a malfunction betweei 


selectors continued after the FISC 


Court Order expired or 


Collection 


bet ween I i -vas purge d from NSA databases. The selectors 

were retasked under the FISA Am endmen ts Act (FA A) | IC-ertification 

I the FISC' I | Court Order expired on I 

selectors was purged from NSA database on I 


Collection from 


(TS^SU ' RLilj TO USA. FVIiY) |_| a NSA analyst queried an NSA database for 

intelligence on a U.S. person for a p eriod not covered by FISC Order ! Although the 

order was signed and effective as of | I the an alyst queried bac k It_ 

The analyst terminated his query and deleted the results on | | when he recognized 

his mistake. 


(b)(31-P.L. 86-36 
(b)(31-18 USC 798 
(b)(31-50 USC 3024(1) 


(U) Business Records (BR) Order 


On 7 January 2009. while searching collection!_I 

_NSA analysts found BR FISA data included in the query results. Of 


the | | sc 1 ectors used in qucries. only| |had been approved under the reasonable articulable 

suspicion (RAS) standard. Although the numbers were associated with a foreign target, the 
selectors had not been approved for call c haining in the BR FISA data. The analyst did not know 
that approval must be sought for BR F1SA[ |call chaining. No data was retained, and no 

reports were issued. 


(T8//SI//NO On 9 January 2009. an NSA analyst violated NSA call-chaining procedures when 
he inadvertently did an extra hop. or call-chaining expansion during a BR FISA chaining event 
resulting in four call-chaining expansions or hops. The Court order prohibits more than three. 
Immediately, the analyst realized four hops were processed, and he deleted all of the results, 
which were foreign. 


D 
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(U) Update to previous report 

f I >'/,'?] I/■'’''i !’> As reported last quarter, on ! 5 January 2009, the Department of Justice 
reported to the FISC that NS A had been using an “alert list" to compare incoming BR 
f ISA metadata against telephone numbers associated with counterterrorism (CT) targets 
that NS A. had tasked for SIGINT collection. The Agency had reported to the FISC that 
the alert list consisted of numbers for which NSA had determined t hat a RAS existed that 
the numbers were rel ated to a terrorist organization associated with | 1 

1 However, the majority of selectors on the alert list had not been 
subjected to a RAS determination. Analysis through call-chaining was not performed 
unless the number met the RAS standard. 


TE>(i) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


against CT target selectors, an 


3 NS A suspended the comparison of BR FISA metadata 
in I 


(b)(1) 

(b)(3)-P.L. 86-36 


the conduct of a comprehensive review, NSA 
identified other processes used to query the BR FISA metadata that also did not conform 
with the Court’s orders or that were not fully explained to the Court. The review also 
identified some manually entered queries that were noncompliant with the Court’s orders. 
None of the compliance incidents resulted in the dissemination of any reporting from 
NSA to any other department or agency. Upon discovery of these compliance incidents, 
NSA immediately made changes to its processes to ensure that the Agency is handling 
and querying the telephony metadata in accordance with the Court’s orders. The 
corrective measures include implementation of controls that prevent any automated 
process from querying the telephony metadata NSA receives pursuant to the Court’s 
orders and which also guard against manual querying errors. 


fRirai.Wl') The Department of Justice filed preliminary notices of compliance incidents with 
the FISC on 15 January, 21 January, 26 January, 2 February, 25 February, and 31 March 2009. 
The ITSC issued an order on 5 March 2009 allowing NSA to continue to acquire the BR FISA 
metadata but imposing further restrictions on use of the data until the completion of the 
government's end-to-end system engineering and process report. The report will include further 
information on steps to remedy areas of concern, oversight efforts, and minimization and 
oversight procedures to be employed if the FISC allows resumed regular access to the BR FISA 
metadata. 


(U) Pen/Trap Order 


(U) Nothing to report. 

(U) The Protect America Act (PAA) 


(b M1) 

(b) (3)-.E|.L. 86-36 
(b) (3)-5CS'"U$C 3024 (i) 


( fS/zSI-VRUL TO USA, TVEY) A delay in the review of intercept contributed to collection on a 
target while he was in the United States. The selector was tasked under PA A I - 


Certification! |on| 1 but not checked bv the analyst until 



the United States. 

The query results were deleted on| | No reports were issued. 

‘(b)(1) 

(b)(3J-P.L. 86-36 (b > (1 > 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
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(b)(1) 

(b)(3J-P.L. 86-36 
(b)(3)-18 USC 798 
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(i a.'7Si//REt.. ' TO U SA, FV 5Y) During a tasking record review |_| NS A 

analysts learned tha t| |iargct selectors had been tasked under the wrong a uthority. The 
selecto rs, tasked on |iad been tasked under the PAA| | 

I instead of the FAA | Certificatio n 2008. The j [ selectors were 

reiasked under the correct certification on | | No collection was purged because 

the two certifications share the same minimization rules and database storage protections. No 
reports were issued. ,^ b) (1) 

.\b)(3)-P.L 

ff fi /.-Til//? 4 1>] 1 u man error resulted in the targe ting of a dual U.S. an d | | citizen after 

~l The analyst tailed to detask 


an NS A analyst learned of the dual citizcnshi 

the e-mail address while he pursue d __ 

u n FAA 704 authorization. When this process weakness was identified | [ ti 

selector was detasked. No collection occurred during the period of unauthorized targeting, and 
no reports were issued. 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(U) The FISA Amendments Act 


:tbi in 

(b)(3)-P.L. 86-36 
(b) (3).-50 USC 3024 (i) 


(U) Tasked under an incorrect FAA Certification 


VRY) During a tasking record review | | NSA 

iiet selector had been tasked unde r the wrong authority. T he selector, 

_[had been tasked under the FAA | [ Certification 

A| I The selector was retasked under the 

>0 collection occurred. 


I I s/.’S j,’•’)< i i. in i NA. r e V j_[]_| two separate incidents were identified. 

An NSA analyst discovered that a select or had been tasked under the wrong authority from 

I Another analyst tasked a selector under the wrong 
Both selectors had been tasked under the 


authority from 


'ertification 


instead of the FAA 


ertification 


A selector for a foreign target was mistakenly tasked 


Apparently, the analyst used the w rong 


The error was overlooked by the tasking re view team. 
ollection when the problem was identified I” 


selccto r was removed froml 
No collection occurred 


(i S//S1//REL TO USA, FVFY) During a tasking selector review|_JNSA 

analysts earned that a targ et selector had been tasked under the wrong auth ority. Th e selei 

tasked oi_ had b een tasked u nder the FAA | [ Certification | ~| insteac 

;tion | | The selector was retasked under the 

No collection occurred. 


the FAA] 

correct certification on 


.HI""" 
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Son). 

(b)(3)-P 


(U) Unauthorized Targeting 
(TS//H i') | 


TOP SFCRFTvCOMlN IV/NUFORN 

/S(b) (1) 

v( b) (3)-P.L. 86-36 
ib)(3)—18 use 798 
|b)(3)—50 USC 3024(i) 


without FAA 70 5(bt authorization, an NS A intern queried ) | 
Itareetw ho is a U S. citizen to determine 
IThe | O btained from the search was deleted 


w hether he was still in | 

0l i I No other collection resulted. The intern has completed additional formal 

training on database queries and has been assigned to work with senior analysts. 

. L? 86-36. / 1 _ 


(b)(3J-P.L. 86-36 


(I S//SI//NH-C ollection occurred | ' ltd specified on the FAA 705(b) authoriza tion. 

Ian NSA analyst fo und that an | I tasked 

the target on | ~1 The tasking was based on j r eport that 

mentione d the number belonged to an unidentified associate of a counterterrorism target. The 
Idetaske d the selector and purged all related collection from NSA databases on (b ) m 


(b)(31-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(TS//SI//N -B Hu man error resulted in the tar geting of a f 
An N SA an alyst incorrectly [" 


1 r 


selector un der the FAA | ICertification. In addition to activity 
| the selector was | I through dai 

selectors. The selector was detasked on| | 


and tasked a 
]and 


y due diligence reviews of 


J 


(U) U.S. Person Status 
•f i’ii. ' .til;''Nl“) On I 


(1) 

(b)(3)-P.L. 86-36 


an f-'AA-authorized target was using an e-m ail address that 
th e selector was deta sked on | | and collection was 

_While researching the event . NSA analysts 

_jn the United States on | 1 The event was 

no t immediately fou nd because of a software error. A software modification was implemented 


purged from an NSA dat abase onf 
found that the target was 


on 


collection. 

tlf . 'AF'NFt Unr 


to correct the problem. No reporting occurred from the unauthorized 


resulted. Additionally, the analyst learne d[ 


Jan FAA-authorized target was usi ng an e-mail add ress that 
The e-mail sele ctor was detasked onf I No collection 


] 


_ _____] that the target possessed a U.S. pas sport, in conflict 

with the results of a previous NS A status request | | that revealed no U.S. 

citizenship. A s econd request to | C onfirmed U S. citizenship status on,, 


(b)(1) 

i(b) (31-P.L. 86-36 


(TS//Si, ' /NPt 

in the United States on[ 


Insa analysts learned that an FAA-author ized target was act ive 
Jrhe e-mail selector was detasked 


on 


Although appropriate actions were taken to purge the data from NSA databases, the time taken to 
complete the action exceeded NSA's sci {-imposed goal of purging data within live worki ng days. 


reporting occurred. 


TOP SECRE f lV/COMllv. f T?/NO r ORN 

B 
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(U) Detasking Delays 


tlwai/ZllIX TO USA, FVXY) Human error caused a three-day detasking delay, which resulted 
in collection while the target was active in the United States. The request to terminate the 
FAA -authorized collec tion was submitted on| I but the se lector was not detasked 

until | 1 The analyst d id not| ~| The resulting collection 

was purged from a NS A database on| | No reporting occurred on the 


(TS//SI//KIX TO USA. FVLYl A n NS A analyst did not detask a targeted telephone number 
when he discovered the | I teiephonc number | 

Trying to gamer intelligence on a target authorized by FAA 70 5b docket| the analyst <| 

kept the number on taski ng to obtain information on the target'sl | Hie <i 

selector remained tasked | | when the analyst was directed to 

detask the selector. No collection occurred during the period of unauthorized targeting. 


(TS//Sl//l i ttM., TO USArrFVFY) A judgment not to | R esulted it 

collection of a foreign target while he was in the United St ates. An N'SA analyst believed that a 
Vlaskina request submitted on | Kvould be completed prior to the 

_he United States on | | The analyst was on sick leave 

and was not able to verify the detask ing action. The | i ntercepts 
while foe ta rget was in the United States were purged from NSA databases on 


obtain© 


Human error resulted in the pursuit of an FAA 704-authorized 


[the e-mail selector rem ained laskcd l 

I The a nalyst from the 

j target office was in training during the target’s_ 

Itrip to the United States. The analyst recognized the mistake on | 

No collection occurred as a result of the violation. 


responsible 


{S/.'SI.'/NT) A selector was not detasked duri ne a target’s I _jvisit to a United 

States territory. NS A learned of the travel on | [ and detasked the selector on 

I Collection occurred before t he selector was r emoved from tasking. That 
collection was purged from an NSA database on| | No reporting occurred. 


(TS//SI//NP) A miscommunication between two NSA analysts contributed to collection on a 
foreign ta rget after he entere d the United States. When the analysts leamedf 
| the United States on | 1 each analyst bel 

collection, for the duration of the visit. The mistake was foundf” 
was detasked on 
NSA databases. 


were 


A communication problem resulted in delayed removal of 


an FAA selector from targeting while the tar; 


9 
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to the United States of an FA A 702 authorized target. The report requ ested detasking of the 

I Th e selector was not 
"k o the United States on 
and the selector was detasked on 


The error was identified on | 
Collection did not occur from the 


activity 


1.7? '.'ITResearch of an incident revealed |~ | (b)<: 

~k oon after the selector was tasked tor collection | 1 According to NSA <b)( ' 

procedures, a target analyst should have detasked a selector when the collection demonstrated a 
lack of useful intelligence. Subsequ ently, the e-mail a ddress | 

I The selector was detasked on | ] No collection on the target was found in 

NSA databases. No reports were issued. 


(U) Dissemination of FAA Data 


( fiC/Sf/NPyl _[unminimized collection was forwarded to|_| 

I A U S. selector was not minimized in an analyst-to-analyst 
exchange. When the violation was identified, the message was successfully recalled on 


(U) Destruction Delay 


(U) Other 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(U) Unauthorized Access 


ff S//SI//NF) [^_| an NSA analyst enlisted the help of anoth er NSA analyst for 

translation as sistanc e. In doing so, FISA data was viewed at an NSA | | sile not authorized for 
the data. ! he | [ analyst recognized the mistake and deleted the data. 

;'"86-36. ... ( b 

TtV/RhI. I'O USA. rVLV) A newly-created I ..... [ with no 

established authority to conduct SIGINT, attempted to obtain suc h authority by inap propriately 
using a parent organization's SIGINT add ress to sp onsor analysts | * | NSA 

author ity and directives were bypassed by] 1 N SA delete d the SIGINT database accounts 
of the 


and instructed 


An NSA supervisor mistakenly granted SIGINT database aeeess to a person not 


authorized for access 


_| analyst detailed to an NSA Cryptologic Center accessed NSA 

naly-st's NSA supervisor did not follow the documented process for 


databases. The 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 
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(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


database access. Access was terminated ! I While the l l emplovee had 

SK.il.Nl database access, he was compliant with the intelligence oversight training mandates. 


(U) Improper Storage 


(b)(1) 

(b)(3)-P.L. 86-36 


(rS//fti//RId. IX) USA. FVCY) FISA data was not afforded the proper protection because of an 
oversight during a res earch and development effort. N SA researchers did not include FISA data 
in the development of[ |. so software to properly label FISA data \ 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 


was not built into the program. 

]The mistake was corrected [ 


researchers with access to the data were cleared for FISA access 


I 


"I (b)(1) 

J (b)(3)-P.L. 


, an NSA analyst entered U.S. identities in, 
ll'his security violation was discovered by the Chief of the! 


r 


deleted the entries containing U.S. entities and confirmed removal from the[ 
No reporting or dissemination of the U.S. entities occurred. 


^he chief 


(U) improper Data Transfer 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(S//SI//NF) H uman error resulted in the introduction of U.S. person selectors in a software 
upgrade test. | ~] an NSA contractor used unminimized SIG1NT collection to 

test information transfer between two NSA systems. The data was to have been minimized 
before it was sent from one system to the other. During a system chock | 
the mistake was found and the files were purged the same day. 


] 


(U) Minimization 


tt>) (i) 

(b)(31-P.L. 86-36 


86-36 


(b)(3)-! 

(b)(3)-P L 86-36 


TT V/SfoKhl. TO USA. r\T.Yy [ 


an NSA technical director identified a 


possible we akness with the minimization of FAA and PAA data ! 

]and related graphical user interlace have been disabled pending further research. The 


NSA Inspector General will track corrective action through completion. 
(U) Premature Access 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 


(S/ZSiiA -H-FL 10 USA. FVTlYj Accesses to sensitive NSA databases wer e not terminated when 
ISA analysts were assigned to work with the[ 



The NSA analysts accessed the databases periodically from 


Access to unminimized and un evaluated SIGINT by NSA analysts was approved for that 
location on[ 


(i fo'/'SK/RML TO US A. IVEYl A dditionally. NSA analysts working with the_ 

! ]were acce ssing SIGfNT databases without auth ority. Access^^_ 50 usc 3024(j) 

while the (b)(3)-p.L. 86-36 


was terminated 


(b)(1) 

(b)(3)-P.L. 86-36 


which NSA analysts had sincejj_ 

request for renewed access was processed. In a second instance, a simi 
occurred, | InSA analysts at| 


ar acc ess incident 
"Iliad access to 


TOP -SIT'RTTv.'C'OMIN'T/d ■ ;01'(.)RN 
11 




DOCID: 4165207 


top SLCRinv.c(^iii:n:.NOiX)iiN 


SIGINT databases without the proper approval. Analysts are prohibited from logging into the 
databases while the access approval is pending, in both instances, the requests for access had not 
been completed by the parent NSA organization. "(b)( 1 ) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 

(S//REL TO USA, PVET) A software error re sulted in premature approval to access FA A a nd 
PAA data in an NSA database. The NSA/CSS | | is 

authorized to approve requests for SIGINT databa se access, while the SID approves access to the 

I While appro ving SIG INT database access, a 

software error enabled | bppr oval by the l I This weakness w as 

identified, repo rted, and corrected during an l Jac cess review] 


examination of| laccesses revealed thatonef Hanaivst had access to| 


An 


publish reports containing FAA or PAA data. 
(l.J) Unauthorized Access 


The analyst did not 


] 


(b)(1) 

(b)(3)-P.L. 86-36 


(U/7PO UC/TDuring the quarter, an analyst's access to SIGINT databases was not terminated by a 
Cryptologic Center upon completion of temporary additional duty on one occasion. Although 
the analyst was cleared for access, losing organizations must terminate access sponsorship, and 
the gaining organizations must sponsor database access. This mandated practice is an oversight 
internal control. 


(IJ) Computer Network Exploitation (CNE) 

(IT//blCRQ. IO 1 ,SA. lAh H I 



R 
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1(b)(1) 

“"**3)-P.L. 86-36 
3)-18 USC 798 
3)-50 USC 3024(i) 


(b)(1) . 

(b)(3)-P.L. 86-36 — 
(b)(3)-50 USC 3024(i) 


(IJ) Dissemination 
(S^RUU TO USA, AUS. GBR, N7.1. ' } [ 


"|n ; -SA terminatedf 


| | While researching the problem. NSA recognized and rectified 

weaknesses with additional oversight internal controls. Specifically, steps were taken to verify 


iawiu orouio ir 

anting lor me account noiaers. enst 

urc auditors are asstgr 
Ito block known U.S. 


imited access was restore^ 



- (cv/wn i 


data that was not releasable to 


i pviovAi mnmuu 

Jvas restored on 


e-mails were deleted upon recognition. Computer Security Incident Reports were submitted to 
NSA. 


(T v NM/ ' Rl i. 10 USA. 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


t S/Z'dlZ/Ri-L TO USA. FYEY -) In I l in stances NSA analysts! 
^ contained U.S. person info rmatio n to the [ 


lthat 


(b)(1) 

(b)(3)-P.L. 86-36 


In the lirstl [ instances, which oc cur red on| | a 

__ The | | instance occurred o n (b)(1 ) 

when the l was in the United States. The I ^ 86 " 36 

destroyed the intercept and notified NSA of the incidents. (b)(3)-50 USC 3024(i) 


(.a73I//RI.:L TO USA, Vim l 

U.S, person information was 


containing 


when collection was£ 


the U.S. person informationf 


A U.S. analyst noticed 


b)(1) 

b)(3)-P.L. 86-36 
b)(3)-50 USC 3024(i) 


working with the|_ 


person information. 


Jhas beg; 


] 


un 


to establish forma! procedures for handling U.S. 

(b) (3) -P. L. 86-36 (b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 
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(U) Counterintelligence Activities 


(U) Nothing to report. 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(U) InteSiigence-reiated Activities 


(S/ZSI/AN't* 1 ) To reduce the risk of unauthorized telephony collection and prevent viol, 
instituted a process to give analysts greater and faster insight into a target's location. 


When collection occurred 


it was purged from NS A databases 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


mail selcctorsl 


is quarter. Collection 


that occurred in | fr f the | I instances was purged from NS A databases. 


(CV/REL TO UFi AtTVIi Y) Although not violations of E.O. 12333 and related directives,. 

NS A/CSS re ports | | instances in which database access was not terminated when access was 

no longer required. Once identified, the accesses were terminated. 


Collection occurred on U.S. persons because 


collected as a result of the malfunction was purged from the database 


(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


2. {U//FQ UO)-NSA OIG Intelligence Oversight inspections, Investigations, and 
Special Studies. 


(U/VfOUO) During this quarter, the OIG reviewed various intelligence activities of the 
NSA/CSS to determine whether they had been conducted in accordance with applicable statutes. 
Executive Orders, Attorney General procedures, and Department of Defense and internal 
directives. With few exceptions, the problems uncovered were routine and showed that 
operating elements understand the restrictions on NSA/CSS activities. 


(U/fPOUO) NSA/CSS Threat Operations Center 


(U//FOUO) An NS A OIG inspection found that the intelligence oversight within NTOC is 
appropriately managed and compliant with standing regulations. NTOC has established effective 
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(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


management controls to ensure that | ~~1 authorities are properly 

executed on the N IOC operations floor. Based on training statistics reviewed, the inspector 
found a 95 percent rate of compliance for intelligence oversight training. 


(IJ/iEOlJ©) Alleged Unauthorized Disclosure of Classified Information 

(b)(1) 

._, (b)(3)-P.L. 86-36 

( rfi/ffil.'/f# 1 ) The | I (b)(3)-50 use 3024(i) 

is conducting an investigation into the release of a S1G1NT report to an | l intel licence 

officer before the repo rt was sanitized or vetted for proper release. The data disseminated 
I [ included NS A data that is potentially a significant compromise of SIGINT • b 

capabilities. The OIG will track this action through completion. (b)(3)-p.L. 86-36 

(U) Congressional, IOB, and DNi Notifications. 

86-36 

(1S//SI//N1 1 j | NS A/C-SS notified the Majority Staff Director of the Senate 

Select Committee on Intelligence of the process to resolve the Business Records matter, provide 
additional information to the Committee on other matters that have been addressed previously to 
the Committee, and to notify the Committee of one additional matter which was only recently 
identified. A copy of the four part notification is included as an addendum to this report. 

3. (U) Substantive Changes to the NSA/CSS Intelligence Oversight Program. 

(U) Nothing to report. 

4. (U) Changes to NSA/CSS published directives or policies concerning 
intelligence, counterintelligence, or intelligence-related activities and the reason 
for the changes. 

(U) Nothing to report. 

5 . (U) Procedures governing the activities of Department of Defense (DoD) 
intelligence components that affect U.S. persons (DoD Directive 5240.1-R, 

Procedure 15) Inquiries or Matters Related to Intelligence Oversight Programs. 

(IJ) Nothing to report. 
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